
Bug#4673: ppp insecure



On Fri, 25 Oct 1996, Bernd Eckenfels wrote:
> Ian Jackson in Debian-Bug#4673
> > Furthermore, I have doubts as to whether pppd was designed to be
> > installed setuid.  Are there any facilities for limiting which options
> > can be set by unprivileged users, and if not why are they not
> > documented ?

pppd needs to be setuid root or be run by root to work, since it needs to
update different things, like the routing table etc.

> > It seems likely to me that pppd wasn't designed for setuid use and
> > that installing it setuid will allow any user to get root by for
> > example having pppd write logs to unusual places or whatever.

No, just the pppd started by any user will have root ownership. But
there are not too many scripts which are automatically run by pppd, all 
of those must be in specific places (e.g. /etc/ppp/ip-up), so just making 
sure that those files are not writable (or even readable) by users should 
make it safe.

---
 M Shariful Anam                              <shuman@kaifnet.com>

                Kaifnet Services -- Bangladesh
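
The permission check suggested in the reply above, as an added example that is not part of the original message or of pppd. The helper name `audit_ppp_hooks` and the optional owner-UID argument are assumptions made for illustration; the default directory `/etc/ppp` is taken from the `/etc/ppp/ip-up` path mentioned in the message.

```shell
#!/bin/sh
# Added example (not from the original message): report anything under the
# pppd hook directory that an unprivileged user could modify or redirect.
# audit_ppp_hooks is a hypothetical helper name.
# Usage: audit_ppp_hooks [DIR] [OWNER_UID]    defaults: /etc/ppp and 0 (root)
# Returns 0 if clean, 1 if there are findings, 2 if DIR does not exist.
audit_ppp_hooks() {
    dir=${1:-/etc/ppp}
    owner=${2:-0}
    [ -d "$dir" ] || { echo "missing: $dir"; return 2; }

    # find starts at $dir itself, so the directory is checked too: if it is
    # writable, a user can replace ip-up even when the file's mode is tight.
    findings=$(
        # Entries not owned by the expected UID.
        find "$dir" ! -type l ! -user "$owner" \
            -exec printf 'owner: %s\n' {} \;
        # Group- or world-writable entries. Group write is flagged
        # conservatively; review who is in the group before accepting it.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec printf 'writable: %s\n' {} \;
        # Symlinks are not followed; the target's owner and mode need a
        # separate look, so each link is listed for manual review.
        find "$dir" -type l -exec printf 'symlink: %s\n' {} \;
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run as `audit_ppp_hooks` with no arguments to check `/etc/ppp` against root ownership; a non-zero status means at least one entry needs attention.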
